CLAIMS



What is claimed is: 




1 A method for protecting software from unauthorized use on a computer system 
an external security device, the method comprising the steps of: 

(a) encrypting the software to be protected using an encryption key, 
creating encrypted software; 

(b) authorizing use of the software on the computer system by generating 
the encryption key within the security device using information 
supplied from the software; and 

(c) sending the encryption key from the security device to the computer 
system for decryption of the software. 

2 The method of claim 1 wherein step (a) further includes the steps of: 

(i) using at least first and second pieces of information to 
generate an encryption key; 

(ii) associating the first piece of information with the encrypted 
software; and 

(iii) storing the second piece of information in the security device. 



3 The method of claim 2 wherein step (b) further includes the steps of: 

(i) sending the first piece of information associated with the 
encrypted software to the security device, and 

(ii) using the first piece of information and the second piece of 
information to generate the encryption key in the security 
device. 

4 The method of claim 1 further including the steps of: 

generating a second encryption key using the first and second pieces of 
information; 

providing the second encryption key with the encrypted software; 

during software authorization, generating a second encryption key on the 
security device using the first and second pieces of information; 

using the second encryption key to encrypt the first encryption key generated 
on security device prior to transmitting the first encryption key to the computer 
system; and 

when the encrypted first encryption key is received on the computer system, 
using the second encryption key provided with the encrypted software to decrypt 
the first encryption key. 

5 The method of claim 1 further including the steps of: 

generating a random number on the computer system; 

transmitting the random number to the security device along with the first 
piece of information; 

scrambling the security key generated by the security device by performing a 
reversible mathematical operation on the encryption key using the random number; 

encrypting the scrambled encryption key and transmitting the encrypted 
scrambled encryption key to the computer system; and 

performing a reverse of the reversible mathematical operation performed 
within the security device using the random number to descramble the encryption 
key after the encrypted scrambled encryption key is decrypted on the computer 
system. 

6 The method of claim 1 further including the step of: using an initialization vector 
and a key as the first and second pieces of information. 

7 The method of claim 6 further including step of: using a security key as the 
encryption key and a communications key as the second encryption key. 

8 The method of claim 7 further including the step of: embedding a mathematical 
algorithm within the security device to create the communications key and the 
security key from the dynamic key and the initialization vector. 

9 The method of claim 8 further including the step of: including the encrypted 
software with an authentication program, wherein the authentication program is 
embedded within a separate security processor provided in conjunction with the 
co-processors. 

10 The method of claim 9 further including the step of: sharing memory between the 
security processor and the co-processors and decrypting the encrypted software in 
the shared memory. 

11 The method of claim 10 further including the step of: preventing the software from 
running in any of the co-processors unless the software has first been decrypted by 
the security processor. 

12 The method of claim 6 wherein the initialization vector is created from a checksum 
of encrypted software to be protected. 

13 The method of claim 6 further including the step of: associating a product ID with 
the software and transferring the product ID to the security device along with the 
initialization vector. 

14 The method of claim 13 further includes the step of: providing multiple storage 
locations within the security device to enable storing multiple dynamic keys and 
corresponding product IDs. 

15 The method of claim 14 further includes the step of: using the product ID code to 
locate and select the appropriate dynamic key within the security device when 
receiving an authorization request. 

16 A method for protecting software from unauthorized use on a computer system, 
the method comprising the steps of: 

(a) using at least first and second pieces of information to generate an 
encryption key; 

(b) encrypting the software using the encryption key; 

(c) associating the first piece of information with the encrypted software; 

(d) storing the second piece of information in a security device; and 

(e) authorizing use of the software after the encrypted software is loaded 
on the computer system and the security device is coupled to the 
computer system by, 

(i) sending the first piece of information associated with the 
encrypted software to the security device, 

(ii) using the first piece of information and the second piece of 
information to generate the encryption key in the security 
device, 

(iii) transmitting the encryption key from the security device to the 
computer system, and 

(iv) decrypting the encrypted software with the encryption key for 
use on the computer system. 



17 The method of claim 1 further including the step of: 

(v) discarding the encryption key after decryption of the encrypted 
software. 



2356P 






18 The method of claim 17 further including the steps of: 

generating a second encryption key using the first and second pieces of 
information; 

providing the second encryption key with the encrypted software; 

during software authorization, generating the second encryption key on the 
security device using the first and second pieces of information; 

using the second encryption key to encrypt the first encryption key 
generated on security device prior to transmitting the first encryption key to the 
computer system; and 

when the encrypted first encryption key is received on the computer system, 
using the second encryption key provided with the encrypted software to decrypt 
the first encryption key. 

19 The method of claim 1 further including the steps of: 

generating a random number on the computer system; 

transmitting the random number to the security device along with the first 
piece of information; 

scrambling the encryption key generated by the security device by 
performing a reversible mathematical operation on the encryption key using the 
random number; 

encrypting the scrambled encryption key and transmitting the encrypted 
scrambled encryption key to the computer system; and 

performing a reverse of the reversible mathematical operation performed 
within the security device using the random number to descramble the encryption 
key after the encrypted scrambled encryption key is decrypted on the computer 
system. 

20 The method of claim 16 further including the step of: using an initialization 
vector and a key as the first and second pieces of information. 

21 The method of claim 20 further including steps of: using a security key as the 
encryption key and a communications key as the second encryption key. 

22 A method for protecting software from unauthorized use on a computer system, 
the method comprising the steps of: 

(a) creating an initialization vector and a dynamic key; 

(b) using the initialization vector and the dynamic key to generate a 
security key; 

(c) using the security key and the initialization vector to generate a 
communication key; 

(d) encrypting software using the security key to create encrypted 
software; 

(e) creating a software package comprising the initialization vector, the 
encrypted software, the communications key, and an authentication 
program; 

(f) storing the dynamic key in a security device; 

(g) authorizing use of the software after the software package has been 
loaded on the computer system and the security device coupled to the 
computer system by 

(i) sending the initialization vector to the security device, 

(ii) in the security device, using the initialization vector and the 
stored dynamic key to generate the security key and 
communication key, 

(iii) encrypting the security key using the communication key, 

(iv) sending the encrypted security key to the computer system as 
a response, 

(v) using the communications key in the software package to 
decrypt encrypted security key, and 

(vi) using the security key to decrypt the encrypted software for use 
on the computer system. 



23 The method of claim it further including the steps of: 

generating a random number on the computer system; 

transmitting the random number to the security device; 

scrambling the security key generated by the security device by performing a 
reversible mathematical operation on the security key using the random number; 

encrypting the scrambled encryption key and transmitting the encrypted 
scrambled security key to the computer system; and 






performing a reverse of the reversible mathematical operation performed 
within the security device using the random number to descramble the security key 
after the encrypted scrambled security key is decrypted on the computer system. 
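
The exchange of claim 22 with the random-number step of claim 23, as an added example that is not part of the patent text. HMAC-SHA256 and a hash-keystream XOR are assumed stand-ins for the unspecified mathematical algorithm and cipher, and every function and field name is hypothetical; the demo shows that a response recorded under one random number does not unlock the software under another.

```python
# Added example, not from the patent; algorithms and names are assumptions.
import hashlib, hmac, secrets

def derive_keys(iv, dynamic_key):
    # Claim 22 (b)-(c): IV + dynamic key -> security key; security key + IV -> communication key.
    security_key = hmac.new(dynamic_key, b"security" + iv, hashlib.sha256).digest()
    comm_key = hmac.new(security_key, b"comm" + iv, hashlib.sha256).digest()
    return security_key, comm_key

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, data):
    # Stand-in symmetric cipher (assumption): XOR with a SHA-256 counter keystream.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += xor_bytes(data[offset:offset + 32], block)
    return bytes(out)

def build_package(software, dynamic_key):
    # Claim 22 (d)-(e): the package carries the IV and communication key, never the dynamic key.
    iv = secrets.token_bytes(16)
    security_key, comm_key = derive_keys(iv, dynamic_key)
    return {"iv": iv, "comm_key": comm_key, "encrypted": stream_crypt(security_key, software)}

class SecurityDevice:
    def __init__(self, dynamic_key):
        self._dynamic_key = dynamic_key  # claim 22 (f): stored only in the device

    def authorize(self, iv, random_number):
        # Claim 22 (g)(ii)-(iv) with claim 23: scramble (XOR is the reversible operation
        # chosen here), encrypt under the communication key, return the response.
        security_key, comm_key = derive_keys(iv, self._dynamic_key)
        return stream_crypt(comm_key, xor_bytes(security_key, random_number))

def host_unlock(package, response, random_number):
    # Claim 22 (g)(v)-(vi) with claim 23: decrypt response, descramble, decrypt software.
    scrambled = stream_crypt(package["comm_key"], response)
    security_key = xor_bytes(scrambled, random_number)
    return stream_crypt(security_key, package["encrypted"])

def demo():
    software = b"constructed sample program image"  # constructed input
    dynamic_key = secrets.token_bytes(32)
    package = build_package(software, dynamic_key)
    device = SecurityDevice(dynamic_key)
    n1, n2 = secrets.token_bytes(32), secrets.token_bytes(32)
    recorded = device.authorize(package["iv"], n1)
    fresh_ok = host_unlock(package, recorded, n1) == software
    replay_ok = host_unlock(package, recorded, n2) == software
    return fresh_ok, replay_ok  # (True, False)
```
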

24 A computer-readable medium containing program instructions for protecting 
software from unauthorized use on a computer system as an external security 
device, the program instructions for: 

(a) encrypting the software to be protected using an encryption key, 
creating encrypted software; 

(b) authorizing use of the software on the computer system by generating 
the encryption key within the security device using information 
supplied from the software; and 

(c) sending the encryption key from the security device to the computer 
system for decryption of the software. 

25 The computer-readable medium of claim 24 wherein instruction (a) further 
includes the instructions for: 

(i) using at least first and second pieces of information to 
generate an encryption key; 

(ii) associating the first piece of information with the encrypted 
software; and 

(iii) storing the second piece of information in the security device. 

26 The computer-readable medium of claim 25 wherein instruction (b) further 
includes the instructions for: 

(i) sending the first piece of information associated with the 
encrypted software to the security device, and 

(ii) using the first piece of information and the second piece of 
information to generate the encryption key in the security 
device. 

27 The computer-readable medium of claim 26 further including the instructions for: 

generating a second encryption key using the first and second pieces of 
information; 

providing the second encryption key with the encrypted software; 

during software authorization, generating a second encryption key on the 
security device using the first and second pieces of information; 

using the second encryption key to encrypt the first encryption key 
generated on security device prior to transmitting the first encryption key to the 
computer system; and 

when the encrypted first encryption key is received on the computer system, 
using the second encryption key provided with the encrypted software to decrypt 
the first encryption key. 

28 The computer-readable medium of claim 24 further including the instructions for: 

generating a random number on the computer system; 

transmitting the random number to the security device along with the first 
piece of information; 

scrambling the security key generated by the security device by performing a 
reversible mathematical operation on the encryption key using the random number; 

encrypting the scrambled encryption key and transmitting the encrypted 
scrambled encryption key to the computer system; and 

performing a reverse of the reversible mathematical operation performed 
within the security device using the random number to descramble the encryption 
key after the encrypted scrambled encryption key is decrypted on the computer 
system. 

29 The computer-readable medium of claim 25 further including the instruction for: 
using an initialization vector and a key as the first and second pieces of information. 

30 The computer-readable medium of claim 29 further including instruction for: 
using a security key as the encryption key and a communications key as the 
second encryption key. 

31 The computer-readable medium of claim 30 further including the instruction for: 
embedding a mathematical algorithm within the security device to create the 
communications key and the security key from the dynamic key and the initialization 
vector. 

32 The computer-readable medium of claim 31 further including the instruction for: 
including the encrypted software with an authentication program, wherein the 
authentication program is embedded within a separate security processor provided in 
conjunction with the co-processors. 

33 The computer-readable medium of claim 32 further including the instruction for: 
sharing memory between the security processor and the co-processors and 
decrypting the encrypted software in the shared memory. 

34 The computer-readable medium of claim 33 further including the instruction for: 
preventing the software from running in any of the co-processors unless the software 
has first been decrypted by the security processor. 

35 The computer-readable medium of claim 25 wherein the initialization vector is 
created from a checksum of encrypted software to be protected. 

36 The computer-readable medium of claim 29 further including the instruction for: 
associating a product ID with the software and transferring the product ID to the 
security device along with the initialization vector. 

37 The computer-readable medium of claim 36 further includes the instruction for: 
providing multiple storage locations within the security device to enable storing 
multiple dynamic keys and corresponding product IDs. 

38 The computer-readable medium of claim 37 further includes the instruction for: 
using the product ID code to locate and select the appropriate dynamic key within the 
security device when receiving an authorization request. 




39 A computer software authentication system comprising: 
a computer system; 

a software package loaded on the computer system that includes, 

an encrypted software program encrypted with a first encryption key, 
an authorization program, 
a first key of a keyset, and 
a second encryption key; and 
a security device in communication with the computer system that includes a 
second key of the keyset and mathematical algorithms, 

wherein when the software package is executed the computer system, the 
encrypted software program is authenticated by, 

transferring the first key of the keyset from the authorization program 
to the security device, 

generating in the security device the first and second encryption keys 
using the keyset and the mathematical algorithms, 

encrypting the first encryption key using the second encryption key, 
transferring the encrypted first encryption key from the security device 
to the computer system, 